Articles > Organisation and GDPR

Single Single On (SSO) with Azure

With SSO your users will be able to login into Legalesign from an external authentication system. This article is about how to login from the Azure Active Directory.

You need to register your users within Legalesign first with the same email as their Azure email login, and then they will be able to access Legalesign via the SSO you have set up.

You can follow both this article and Microsoft's guidance on setting up a SSO with SAML from Azure.

Login to Azure then go to Enterprise Applications

login to azure and go to enterprise application

Select New Application

create a new app

Click on 'Non-gallery application', then write a display name, then add your new application. Wait a short while for Microsoft to create the new application. Keep waiting it can take a minute or so....

create the new application

Now set up the Single Single On. In the application's left-hand menu click "Single Sign On". The SSO page will load, then click the "SAML" option from main boxes.

set up the SAML auth

Great. Most of the work is done. Just send us either App Metadata Federation URL, or the Federation Metadata XML.

get the Azure SAML metadata

Now you can stop. We will come back to you with the final details you need to go in the first box. When we do, navigation back to the Application. You will now find it listed within your Azure Active Directory > Enterprise Applications section.

edit the basic saml configuration section

You will be sent the Entity ID, the Reply URL, and the Sign on URL. Enter those and press Save (at the top of the section)

enter the SAML entity id and url details

You can also now find those details within the SSO section of Legalesign - like this:

SAML details in Legalesign

That's it. Close the section and you will see the option to Test your login.

test the saml login

You will need to assign users to be able to use the Application's SSO. Try the test for yourself and if you have any errors paste them into the helpful "Resolving Errors" box provided. Microsoft will diagnose and offer to fix errors it recognises. Probably you will get an immediate error that you need to assign yourself. Just paste in the error message and then click 'Fix it" from the diagnosis.

use resolving errors helper from azure

Go the "Users and groups" section within the application to add users you want to sign in using SSO. Remember, users must already have a user account and access to your team(s) with the same email as their Microsoft Login.

add users to the app who will login to Legalesign

Finally add brand media to the Properties section of the Application within Azure so users can more easily identify the login. Use this:

logo for legalesign app in azure

If you have any issues get in touch with support@legalesign.com.